David Klein is a PhD Candidate since October 2018. His research interests include static and dynamic analysis, program transformations, web security and privacy.
@davklein:matrix.tu-bs.de
david.klein[at]tu-braunschweig.de
Comma Separated Vulnerabilities: Detecting Formula Injection in the Wild
Manuel Karl, Louis Bettels, Martin Johns, and David Klein
19th USENIX WOOT Conference on Offensive Technologies, 2025
”Sorry for bugging you so much.“ Exploring Developers’ Behavior Towards Privacy-Compliant Implementation
Stefan Albert Horstmann, Sandy Hong, David Klein, Raphael Serafini, Martin Degeling, Martin Johns, Veelasha Moonsamy, and Alena Naiakshina
46th IEEE Symposium on Security and Privacy, 2025 [BIB]
HyTrack: Resurrectable and Persistent Tracking Across Android Apps and the Web
Malte Wessels, Simon Koch, Jan Drescher, Louis Bettels, David Klein, and Martin Johns
34th USENIX Security Symposium, 2025 [BIB]
Wemby’s Web: Hunting for Memory Corruption in WebAssembly
Oussama Draissi, Tobias Cloosters, David Klein, Michael Rodler, Marius Musch, Martin Johns, and Lucas Davi
34th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2025 [BIB]
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting
Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, and Martin Johns
33rd USENIX Security Symposium, 2024 [BIB] [Distinguished Paper Award Winner]
FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
Soumaya Boussaha, Lukas Hock, Miguel Bermejo, Ruben Cuevas Rumin, Angel Cuevas Rumin, David Klein, Martin Johns, Luca Compagna, Daniele Antonioli, and Thomas Barber
Privacy Enhancing Technologies Symposium (PETS), 2024 [BIB]
A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing
Robin Kirchner, Simon Koch, Noah Kamangar, David Klein, and Martin Johns
Privacy Enhancing Technologies Symposium (PETS), 2024 [BIB]
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
David Klein and Martin Johns
45th IEEE Symposium on Security and Privacy (S&P), 2024 [BIB]
The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Simon Koch, David Klein, and Martin Johns
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), 2024 [BIB]
Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications
Simon Koch, Malte Wessels, David Klein, and Martin Johns
ACM Conference on Computer and Communications Security (CCS), 2023 [BIB]
General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications
David Klein, Benny Rolle, Thomas Barber, Manuel Karl, and Martin Johns
ACM Conference on Computer and Communications Security (CCS), 2023 [BIB]
Accept All Exploits: Exploring the Security Impact of Cookie Banners
David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns
Annual Computer Security Applications Conference (ACSAC), 2022 [BIB]
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions
David Klein, Thomas Barber, Souphiane Bensalim, Ben Stock, and Martin Johns
IEEE European Symposium on Security and Privacy (Euro S&P), 2022 [BIB]
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Privacy Enhancing Technologies (PETS), 2021 [BIB]
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis
Souphiane Bensalim, David Klein, Thomas Barber, and Martin Johns
European Workshop on Systems Security (EuroSec), 2021 [BIB]
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning
Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck
USENIX Security Symposium, 2020 [BIB]
Deploying Contextual Computing in a Campus Setting
Fabio Aversente, David Klein, Schekeb Sultani, Dmitri Vronski, and Jörg Schäfer
International Network Conference (INC), 2016
Implementing Situation Awareness for Car-to-X Applications using Domain Specific Languages
Jörg Schäfer, and David Klein
IEEE Vehicular Technology Conference (VTC), 2013
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
RuhrSec '24, 20.-21.02.2024, Bochum, Germany
Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials
Blackhat EU '24, 09.-12.12.2024, London, UK
Exploring Synergies Between Privacy and Security Enhancing Technologies [Slides]
German OWASP Day '23, 30.-31.5.2023, Frankfurt am Main, Germany
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
RuhrSec '23, 11.-12.5.2023, Bochum, Germany
3rd-Party JavaScript, das unbekannte Wesen
Mit Martin Johns, IT-Defense '23, 8.-10.02.2023, Mainz, Germany.
Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions [Slides]
OWASP Global AppSec, 17.11.2022, San Francisco, USA
| Year | Conferences |
|---|---|
| 2024 | CODASPY, CCS, ACSAC |
| 2023 | S&P, CCS |
| 2022 | S&P, EuroS&P (external), WWW, ACSAC, CODASPY, SAC, ARES |
| 2021 | WWW, CODASPY, SAC, ARES, ACSAC, |
| 2020 | WWW, EuroS&P, CODASPY, SAC, ICWE, ACSAC |
| 2019 | ACSAC, CODASPY, SAC, ICWE |
| 2018 | CODASPY, SAC, ACSAC |